Jim Adler

Earlier this week, Intelius Chief Privacy Officer Jim Adler spoke at O’Reilly’s Strata Conference.  His talk, The Accidental Chief Privacy Officer (CPO), discussed how the industrial privacy professional is evolving from a compliance enforcer to a product innovator.  Here are the slides and interview with O’Reilly’s Alex Howard (@digiphile):

Jim Adler interviewed at Strata NY 2011

The key takeaway from the talk (see summary slide) is that the privacy pro is becoming a key evangelist for responsible innovation within fast-moving, high technology organizations. To be successful, four lessons:

1. Innovation is a team sport. Communication is key. So talk and (more importantly) listen to your toughest critics, both inside and outside your organization. They’ll better understand your perspective and you’ll often get great ideas.
2. Build a confluence of influence. Good decisions come from every corner of the business, early in the product cycle. Find the members of any team that are inventive, collaborative, and capable of creating the Reality Distortion Field (used so effectively by Steve Jobs) that’s so vital to disruptive innovation.
3. Be the happy warrior. Innovation, by definition, changes the status quo and makes some people uncomfortable. Engage with them in a constructive, respectful way inline with Graham’s Hierarchy of Disagreement.
4. Find clarity in the confusion. Use math, data, and history to find the clarity within the confusion. Privacy issues are especially difficult. As Jeff Jarvis points out in his new book, Public Parts, even defining privacy is a journey through an Escher maze. Jeff has a great, well referenced chapter on What Is Privacy? that illustrates the perennial struggle we all have navigating the privacy maze.
   
   The good news is that the privacy labyrinth can be traversed with sufficient situational assessment, data analysis, and historical perspective. Then, to remix metaphors, you can be that excited child in the room of manure who finds that elusive pony.

More from Jim Adler, Chief Privacy Officer at Intelius

Posted by Jim Adler, Chief Privacy Officer at Intelius

There’s been a lot of recent debate around the use of online names sparked by the Google+ real names policy. The stark absolutism of this debate baffles me, as if we had to choose between them. It’s a false choice. We should have them all. As we map human social customs online, nuance and context rule. Inflexible policies and binary choices are a cop-out. Life’s complicated and more interesting that way. As I recently tweeted in a privchat:

There are legit use-cases for pseudonyms so they shouldn’t be banned. But they are certainly unnatural for mainstream use. #privchat

This got me thinking about how many real names are typical for each person? I did a quick look across the Intelius public-records corpus of a few hundred million people and counted the number of real names per person. The results are what you might expect:

The vast majority of people, 83%, have one full-name [Just to be clear, Sarah Jessica Parker may also go by Sarah Jessica Broderick. Those would count as two real names.] A significant minority, 11%, have two names. I imagine that most of the people with two names are married women who are recently married or simultaneously maintain their maiden and married names (typical of professional women). It’s a little surprising that 6% have more than two names. I wonder how many people in this set have criminal records?

So far, the nymwars debate has largely been framed around the 17% that have more than one name. But there are strong pro and con arguments for nyms, pseudonyms, and anonyms. What, the totality of human social engagement can’t be pigeonholed into a single use-case? Hmm, Surprising.

Nyms

Whether offline or online, the vast majority of us build trusted relationships and reputation around our real name. Real names are easy and natural. I use my real name on Twitter, LinkedIn, and Facebook. One of Facebook’s best strategic moves was encouraging use of real names. Generally, real names encourage real interactions and weakens the barrier between offline and online experiences. However, requiring real names is an 83% solution that’s fueling a Google+ backlash from the other 17%.

Pseudonyms

There’s a host of reasons for pseudonyms, many of which have been cataloged during the recent nymwars. An example of a pseudonym is Twitter’s PogoWasRight, which is used persistently and has established respect within the privacy community. Pseudonyms are not new as Samuel Clemens proved more than 130 years ago.

The challenge with pseudonyms is that they are tough to manage. I know several professional women that simultaneously maintain two legal names. They are in a perpetual state of multiple account management—”which name did I use for this account again?” I founded a startup several years ago that tried to crack this problem. It’s a bear.

Anonyms

As for anonyms, they are distinct from pseudonyms. The intent with pseudonyms is to build a long-lived identity that’s separate from our real identity. In stark contrast are anonyms (e.g., fymiqcxw) which are throw-away identities that in nearly all cases (except political dissent) have nefarious intent. Online anonyms too often encourage what psychologists call deindividuation. Nothing empowers a psychopath more than an audience and a mask.

The key takeaway is—whether nym, pseudonym, or anonym—trust, accountability, empathy, and civility are built around knowing whom you’re dealing with. As we move through this continuum, we move away from “real” relationships. If that’s your intent, fine. The nymwars debate is larger than the real name policies of any social network. It is a further evolutionary move toward mapping our social norms online. Sure, it’s messy. Most human endeavors are.

More from Jim Adler, Chief Privacy Officer at Intelius

Jim Adler is the chief privacy officer at Intelius. Jim wrote this article as a guest columnist for the Seattle Times on July 4, 2011.

Today we celebrate the 235th anniversary of the signing of the Declaration of Independence. It got me thinking about how our American commitment to life, liberty and the pursuit of happiness applies to today's high-tech, fast-paced, social-media world, especially for privacy and speech rights.

So let's drill into this right to privacy, a subject that has captured national attention lately in both the mainstream media and Congress. The Constitution provides for no such privacy right among us citizens. The Bill of Rights does offer privacy protections from the government. The Third Amendment protects our homes from government intrusion, and the Fourth Amendment protects our homes from unreasonable government searches and seizures.

But the Constitution doesn't provide for privacy protections among our fellow citizens. For that, we're largely left to the common law. This more pedestrian, common-law idea of privacy was discussed in "The Right to Privacy" (Harvard Law Review, 1890) by the future Supreme Court Justice Louis Brandeis and partner Samuel Warren.Warren and Brandeis quote from an 1880 treatise by Michigan Supreme Court Justice Thomas Cooley who introduced a "right to be let alone" in the context of common law torts — basically the 19th-century version of "don't tase me, bro."

So, privacy embodies an essential value of discretion — the expectation "to be let alone" by government and citizen. Of course, in tension with this value is a value of disclosure, embodied by the First Amendment, which guarantees freedom of press, individual speech and peaceful assembly.

It is within this uniquely American tapestry that we grapple with the deluge of new technological devices and social media. Should we have the right to have ourselves erased from the Internet, surf without being tracked, make an unrecorded phone call or conduct an anonymous search? As parents, how do we balance the responsibility to keep our kids safe online with respect for their privacy?

The good news is that we've been wrestling with these heady issues for 235 years, and this discretion/disclosure heritage can really help.

For example, when it comes to "smart grid," I'm a privacy-conservative. Smart grid is a set of technologies that monitors the power usage of the appliances in our homes. Frankly, my home (and body) are places of the highest discretion. How much time I spend staring at the fridge with the door open is my business. In the home, discretion rules, period.

But when in public, disclosure is king. I was leaving a baseball game a few weeks ago, and a woman was taking pictures of the fans as they left the stadium. In today's world, I would expect my picture to be uploaded, tagged and available to anyone online. It's the Internet equivalent of the small-town refrain: "Hey, did you see Jim at the game?"

Social media is less than a decade old. We are at the beginning of this journey to map our traditional values to this new medium. The question is whether this medium can support our values? And, if so, how?

In a recent New Yorker piece, "Small Change — why the revolution will not be tweeted," Malcolm Gladwell criticizes social media for favoring vast, "weak-tie" relationships where disclosure is maximal and discretion is minimal.

He contrasts these relationships to small, "strong-tie" groups that enjoy deep trust because of the secrets they keep. Gladwell describes the relationship of the Greensboro Four who led the 1960 lunch counter sit-ins in North Carolina. They discreetly discussed the idea of a sit-in for nearly a month over beers smuggled into their dorm room. The day before the sit-in, they challenged each other in the most in-your-face way when one of them asked: "Are you guys chicken or not?"

There is historic power that emerges from breaking the tension between discretion and disclosure. Our founders engaged in a similar social dynamic as the Greensboro Four — brutally honest disclosure among themselves and saintly discretion with everyone else.

The values of privacy and speech, discretion and disclosure were at play 235 years ago in Philadelphia, 51 years ago in Greensboro, and we Americans are reflexively shaping social media to support them today. These are the values that allow us to trust each other, to challenge each other, and ultimately to depend on each other. Let's not forget that on this Independence Day.

Happy Fourth!

Now young adults, our kids have been on social networks since their early teens. Being a technology family, our policy has been to encourage supervised experimentation. So even though our boys weren’t afforded complete privacy, they were permitted age-appropriate control and authority over their social situations.

Of course, the weasel words here are age-appropriate, which we parents unilaterally define — a prerogative of being the prison warden. True enough, but we’ve always told our kids: “It’s the job of your mother and I to make the rules. It’s the job of you guys to negotiate change.” And that’s worked pretty well over the years.

At last week’s Computer, Freedom, and Privacy conference, danah boyd (she prefers the cummingsian capitalization) struck a similar chord, pointing out that social norms define privacy boundaries. So for Father’s Day, I thought I’d share some personal lessons with my fellow fathers on the social norms that have shaped the privacy boundaries of my kids’ online lives.

1. Parents should be seen and not heard.
   My very informal, unscientific poll says that parental engagement should be no more than 5%. That means you should only like, comment, or retweet 1 in 20 of your kids’ posts.
2. Don’t overreact.
   A corollary to #1. Of the 1 in 20 posts where you do respond, keep it breezy. Remember that your kids’ friends are watching the online exchange, and they really don’t need to be reprimanded or gushed over in front of their friends. Take it offline or to a private message.
3. Don’t pollute their feed.
   I’m guilty of this one. For awhile, I didn’t appreciate the boundaries between social networks, so my work-related LinkedIn and Twitter updates were piped to my Facebook feed. I was penalty-boxed by my youngest who said “No one [on Facebook] knows or cares about any of this business stuff, Dad. Jeez!” Ugh, point taken.
4. Don’t hack.
   This is pretty basic but don’t break into your kids’ account. If you really have probable cause for a search and seizure, be upfront about it. Spying and lying always undermine the trust in a relationship. Duh.
5. Don’t judge.
   Social circles are always in flux, so don’t judge your kids’ friends by what they post or say among themselves. There are exceptions to this rule but realize, as a parent, you only have a few chits to spend before you get tuned out.
6. Don’t ask, don’t tell.
   As a parent, you’ll undoubtedly be perplexed by the jargon, context, and outright subterfuge of their online communication. You can’t really ask what’s going on. As danah boyd put it, your kids are hiding in plain site amidst the constant gaze of parents and teachers. Respect what little private space they have. Remember that you are largely a visitor in this strange land. At best, you’re tolerated; at worst, despised.
7. What happens online stays online.
   Try not to use their online activity against them offline. Just because your thirteen year-old son Like’d Spongebob doesn’t give you license to blab about it to everyone at the next neighborhood barbecue.
8. Mind your own privacy settings.
   Your kids don’t want to see your party pictures. Be a role model. They are watching you, too.
9. Don’t friend their friends.
   I hope this one is plainly obvious, but unless you really are friends, don’t be the “cool parent” and horn into your kids’ social circle.
10. You’re a parent, act like one.
    As your kids get older, they may not see you as simply the prison warden but as an actual person. Remember, they can see your feed, too. I’ve shared interesting stuff that my kids actually have Like’d or commented on. And maybe some of that feedback wasn’t just to suck-up. I can dream, can’t I? After all, it is Father’s Day.

More from Jim Adler, Chief Privacy Officer at Intelius

School teachers used to warn students that any bad grades they received would be forever noted on their infamous permanent record.  In a digital era where social networking sites dominate the internet, and privacy has become more of a luxury than a necessity, individuals everywhere have much more to worry about than a bad report card.  In the endless controversy regarding our first amendment right versus consumer privacy rights, the 20^th Annual CFP (Computers, Freedom, and Privacy) Conference brought together rights activists, companies and attorneys from a variety of backgrounds in hopes of striking a balance between online information brokers and privacy.

The argument between free speech and privacy is in many ways two sides of the same coin.  Consumer advocacy groups argue that not only are consumers unaware of how their personal information is being collected and used, but they also cannot do anything to change this.  On the other hand, certain attorneys, large search engines and information commerce companies cite that while privacy is valued, so is safety and trust to the people you are interacting with on a daily basis.  Luckily, both sides support forums like CFP that can create functional transparency in the public information industry and can help define and clarify the large gray area that is the foundation for endless lawsuits and controversy.

In a CFP panel titled, Online Information Brokers and Privacy: Where’s the Balance, representatives of non-profit consumer advocacy organizations like the Privacy Rights Clearinghouse and the World Privacy Forum instilled concern in viewers by alluding to specific anecdotes where public records of individuals (such as witnesses or domestic violence witnesses) have led to harassment and identity theft.  Generally speaking, these activist groups aim to spread awareness and advise consumers on how to protect their privacy rights.  They also stated how public records can pose security concerns because of the way fraudulent businesses in the past have used data in malicious ways.

Intelius Chief Privacy Officer, Jim Adler, served on the other end of the panel working together with privacy activists to create a balance and ultimately find a way to better serve the needs of consumers.  Adler noted that Intelius is not only aware of emerging concerns, but is also interested in increasing communication and collaboration with rights advocates to reach a middle ground.  In addition, he noted that the company understands that the higher level of transparency being created by social media and the internet also means privacy issues that need to be addressed.  For these reasons, Intelius has developed specific policies to differentiate itself from many other online information companies. While other businesses do not give you the option of deleting your information (citing free speech), Intelius has a free opt-out policy where individuals (i.e. threatened witnesses, law enforcement, and domestic violence victims) can remove themselves, no questions asked.

Different from a large amount of information brokers being attacked by activists, Intelius does not sell lists of information.  Instead, they act as an information retailer that buys lists, gathers information and sells it one at a time to consumers in hopes of providing insight and security.  Intelius, Adler states, believes that in order to “strike this balance, you’ll need to be able to have an environment where you can innovate responsibly… trust the individuals you interact with, and provide people with valuable services,”  requiring industry collaboration.  Ultimately, he believes that it is necessary to work together with privacy organizations to use public records in proactive ways that ultimately empower consumers.  However, even though Intelius can help you remove your name from their database, there are still hundreds of other companies willing to give out your information for a price.

In the midst of a social media phenomenon, consumer advocacy groups show how free basic public records have recently transformed into more robust reports from aggregators like Spokeo.com, who compile a wide range of information, including personal information from social networking sites.  The average consumer, they argue, is unaware of how much of the personal information is online and how it is being used. In a new age of modern permanent records, popular sites like Facebook and Twitter are the face of a hidden world of commercial data brokers.  Moreover, not all information is accurate, and even if consumers are aware, they are unable to erase or correct their personal records.  As a company dedicated to ultimately providing customers with a valuable service, Adler declared “the next step is to give you transparency to the info that’s out there, know what your digital footprint is, and then provide a way to comment, dispute and correct (it)”.

Privacy advocate organizations also noted there is a wide spectrum of information commerce companies that make up the industry, and not all can be placed in the same negatively perceived category.  The very idea that certain companies, like Intelius, were interested in participating in such a conference sheds light upon companies and their willingness to address their consumers concerns.

Forums like CFP are able to bring together all sides of the issue, and through industry cooperation, increase the likelihood of creating clear definitions and viable solutions.  Both consumer privacy activists and information brokers  support an approach that requires advocates, consumers, companies, and regulators to come together to figure out what’s right.

All participants on the CFP panel agree that in the future, data collection is inevitable, and panels like this can help create a balance between privacy and public records.  Adler ended his speech reminding viewers that “innovation is a team sport and it requires everyone to help us get through this in a productive way that empowers the customers.”  In the meantime, consumers need to be informed and aware of the availability of their personal information, knowing their online activity may forever be accessible on their modern permanent record.